www.homeseer.com    
 

Go Back   HomeSeer Message Board > Internet or Network Related Plug-ins > Internet or Network Discussion

Reply
 
Thread Tools Display Modes
  #1  
Old December 5th, 2017, 10:55 PM
Leylander Leylander is offline
Seer
 
Join Date: Feb 2010
Location: Australia
Posts: 43
Squid (or other) proxy manipulation

Hi, I have two kids, both with different levels of autism and would like to toggle internet 'profiles' based upon conditions and I think HomeSeer would be a great place to start - concerning that it'd controlling most of the house now anyway.

Not knowing how squid works and if one could send SSH/HTTP commands to toggle certain proxy rules, I guess I am asking firstly if Squid (Linux) supports this and then if HomeSeer can then send squid the 'triggers'?

Any ideas/leads/suggestions?
Reply With Quote
  #2  
Old December 6th, 2017, 09:45 AM
Pete's Avatar
Pete Pete is offline
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 14,266
Yes.

Don't utilize Homeseer for this.

There are Homeseer syslog plugins but there are no plugins to control a firewall via Homeseer.



Rather use an autonomous firewall like PFSense and the Dan's Guardian plugin which is free with PFSense.

That said Dan's Guardian is no longer supported by PFSense.

DansGuardian, written by SmoothWall Ltd and others, is content-control software: software designed to control which websites users can access. It also includes virus filtering and usage monitoring features. DansGuardian must be installed on a Unix or Linux computer, such as a server computer; its filtering extends to all computers in an organization, including Windows and Macintosh computers. DansGuardian is used by schools, businesses, value-added Internet service providers, and others.

As of now, DansGuardian is no longer maintained. Its successor is named "e2guardian".

Unofficial E2guardian package for pfSense

The alternative is squid guard on PFSense and autonomously you can utilize.

PFSense Squid guard

Have a read here:

The best free parental control software 2017
__________________
- Pete

Automator

HS3 Pro & Lite
Edition Beta 3.0.0.387 | Ubuntu 16.04 64 bit | Oracle Windows Virtual Box ==> for Wintel only SAPI and HS3 plugins

Reply With Quote
  #3  
Old December 6th, 2017, 07:06 PM
S-F's Avatar
S-F S-F is offline
OverSeer
 
Join Date: Jun 2012
Location: Goobertown AR 72450
Posts: 2,882
Pete, correct me if I'm wrong but isn't Squid blind to HTTPS traffic?
__________________
Quote:
Originally Posted by rprade View Post
There is no rhyme or reason to the anarchy a defective Z-Wave device can cause
Reply With Quote
  #4  
Old December 6th, 2017, 07:43 PM
Pete's Avatar
Pete Pete is offline
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 14,266
Yes and more.

Going to the Wiki ....about Squid..it is wiki worded better than I can do it.

Squid is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. Although primarily used for HTTP and FTP, Squid includes limited support for several other protocols including Internet Gopher, SSL, TLS and HTTPS. Squid does not support the SOCKS protocol.

Squid was originally designed to run as a daemon on Unix-like systems. A Windows port was maintained up to version 2.7. New versions available on Windows use the Cygwin environment.

Squid is free software released under the GNU General Public License.


Also run Snort here on the firewall.

Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS)[4] created by Martin Roesch in 1998. Snort is now developed by Sourcefire, of which Roesch is the founder and CTO, and which has been owned by Cisco since 2013.[7][8]

In 2009, Snort entered InfoWorld's Open Source Hall of Fame as one of the "greatest [pieces of] open source software of all time".

Snort's open source network-based intrusion detection system (NIDS) has the ability to perform real-time traffic analysis and packet logging on Internet Protocol (IP) networks. Snort performs protocol analysis, content searching and matching.

The program can also be used to detect probes or attacks, including, but not limited to, operating system fingerprinting attempts, semantic URL attacks, buffer overflows, server message block probes, and stealth port scans.

Snort can be configured in three main modes: sniffer, packet logger, and network intrusion detection. In sniffer mode, the program will read network packets and display them on the console. In packet logger mode, the program will log packets to the disk. In intrusion detection mode, the program will monitor network traffic and analyze it against a rule set defined by the user. The program will then perform a specific action based on what has been identified.

and run ClamAV

Clam AntiVirus (ClamAV) is a free, cross-platform and open-source antivirus software toolkit able to detect many types of malicious software, including viruses. One of its main uses is on mail servers as a server-side email virus scanner. The application was developed for Unix and has third party versions available for AIX, BSD, HP-UX, Linux, macOS, OpenVMS, OSF (Tru64) and Solaris. As of version 0.97.5, ClamAV builds and runs on Microsoft Windows.Both ClamAV and its updates are made available free of charge.

Sourcefire, a maker of intrusion detection products and the owner of Snort, announced on 17 August 2007 that it had acquired the trademarks and copyrights to ClamAV from five key developers. In turn, Sourcefire was acquired by Cisco in 2013.

and Maxmind Geoblocking....via a PFSense plugin.

pfBlocker introduces an Enhanced Aliastable Feature to pfSense.

What it allows:

Assigning many IP address URL lists from sites like I-blocklist to a single alias and then choose a rule action.
Blocking countries and IP ranges.

Replaces Countryblock and IPblocklist (provides same functionality of both in one package and more)

This package only uses native functions of pfSense instead of file hacks and table manipulation as was done in Countryblock and IPblocklist.

Last edited by Pete; December 6th, 2017 at 07:57 PM.
Reply With Quote
  #5  
Old December 7th, 2017, 06:54 AM
S-F's Avatar
S-F S-F is offline
OverSeer
 
Join Date: Jun 2012
Location: Goobertown AR 72450
Posts: 2,882
Right.

But.


None of these tools can monitor HTTPS traffic, right? I tried playing with Squid caching and it was fruitless. Some business about having to install self signed certs on every client on the network and so on. It was all so much hassle that I just powered down the huge PFSense machine I built and plugged my DD-WRT router back in.
Reply With Quote
  #6  
Old December 7th, 2017, 11:21 AM
Pete's Avatar
Pete Pete is offline
OverSeer
 
Join Date: Jan 2001
Location: House
Posts: 14,266
@Colin,

Baby steps.

Put PFSense inside your network to play with.

PFSense monitors all traffic.

It's just a multitasking bean counter.

Having used PFSense for over 10 years I tend to let my fingers do the walking old expression (dialing numbers without looking these days).

Have a read here about

pfSense: Generate a SSL Certificate for HTTPS on your pfSense

Here went from DD-WRT routers to using / tinkering with OpenWRT routers a few years back. Have a look see at OpenWRT.

The object here is to more your home defenses mechanisms to the firewall with common rules. These days with the abundance of internet traffic, higher speeds, internet appliances and hubs you want to keep everything in check.

BUT you do not want to let it overwhelm; then it serves no purpose.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
HST Element Manipulation jsyers HomeSeer General Discussion Area 4 May 31st, 2016 03:52 PM
Analog manipulation Daggy67 Arduino Plugin (3P) 1 March 18th, 2015 08:59 AM
Reverse Proxy / Forwarding Proxy travisdh HomeSeer General Discussion Area 0 January 2nd, 2014 10:49 PM
VB.net String Manipulation donstephens Programming with HomeSeer 2 July 16th, 2013 03:55 PM
String manipulation help bwally HomeSeer General Discussion Area 5 January 21st, 2005 06:40 PM


All times are GMT -4. The time now is 08:15 AM.


Copyright HomeSeer Technologies, LLC